change provenance to attestation

Signed-off-by: Appu Goundan <[email protected]>

Author: loosebazooka

cli/slsa-verifier/verify.go

@@ -199,10 +199,10 @@ func verifyGithubAttestation() *cobra.Command {
 		Short: "Verifies SLSA provenance for a github attestation [experimental]",
 		Run: func(cmd *cobra.Command, args []string) {
 			v := verify.VerifyGithubAttestationCommand{
-				ProvenancePath:  o.ProvenancePath,
-				SourceURI:       o.SourceURI,
-				PrintProvenance: o.PrintProvenance,
-				BuilderID:       &o.BuilderID,
+				AttestationPath:  o.AttestationPath,
+				SourceURI:        o.SourceURI,
+				PrintAttestation: o.PrintAttestation,
+				BuilderID:        &o.BuilderID,
 			}
 			if _, err := v.Exec(cmd.Context(), args[0]); err != nil {
 				fmt.Fprintf(os.Stderr, "%s: %v\n", FAILURE, err)

cli/slsa-verifier/verify/options.go

@@ -129,10 +129,10 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
 
 // VerifyGithubAttestationOptions is the top-level options for the `verify-github-attestation` command.
 type VerifyGithubAttestationOptions struct {
-	SourceURI       string
-	BuilderID       string
-	ProvenancePath  string
-	PrintProvenance bool
+	SourceURI        string
+	BuilderID        string
+	AttestationPath  string
+	PrintAttestation bool
 }
 
 var _ Interface = (*VerifyGithubAttestationOptions)(nil)
@@ -146,14 +146,14 @@ func (o *VerifyGithubAttestationOptions) AddFlags(cmd *cobra.Command) {
 		"expected source repository that should have produced the binary, e.g. github.com/some/repo")
 
 	/* Other options */
-	cmd.Flags().StringVar(&o.ProvenancePath, "provenance-path", "",
-		"path to an provenance file")
+	cmd.Flags().StringVar(&o.AttestationPath, "attestation-path", "",
+		"path to an attestation file")
 
-	cmd.Flags().BoolVar(&o.PrintProvenance, "print-provenance", false,
-		"[optional] print the verified provenance to stdout")
+	cmd.Flags().BoolVar(&o.PrintAttestation, "print-attestation", false,
+		"[optional] print the verified attestation to stdout")
 
 	cmd.MarkFlagRequired("source-uri")
-	cmd.MarkFlagRequired("provenance-path")
+	cmd.MarkFlagRequired("attestation-path")
 	cmd.MarkFlagRequired("builder-id")
 }
 

cli/slsa-verifier/verify/verify_github_attestation.go

@@ -27,11 +27,11 @@ import (
 )
 
 type VerifyGithubAttestationCommand struct {
-	ProvenancePath      string
+	AttestationPath     string
 	BuilderID           *string
 	SourceURI           string
 	BuildWorkflowInputs map[string]string
-	PrintProvenance     bool
+	PrintAttestation    bool
 }
 
 func (c *VerifyGithubAttestationCommand) Exec(ctx context.Context, artifact string) (*utils.TrustedBuilderID, error) {
@@ -57,20 +57,20 @@ func (c *VerifyGithubAttestationCommand) Exec(ctx context.Context, artifact stri
 		ExpectedID: c.BuilderID,
 	}
 
-	provenance, err := os.ReadFile(c.ProvenancePath)
+	attestation, err := os.ReadFile(c.AttestationPath)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Verifying artifact %s: FAILED: %v\n\n", artifact, err)
 		return nil, err
 	}
 
-	verifiedProvenance, outBuilderID, err := verifiers.VerifyGithubAttestation(ctx, provenance, provenanceOpts, builderOpts)
+	verifiedAttestation, outBuilderID, err := verifiers.VerifyGithubAttestation(ctx, attestation, provenanceOpts, builderOpts)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Verifying artifact %s: FAILED: %v\n\n", artifact, err)
 		return nil, err
 	}
 
-	if c.PrintProvenance {
-		fmt.Fprintf(os.Stdout, "%s\n", string(verifiedProvenance))
+	if c.PrintAttestation {
+		fmt.Fprintf(os.Stdout, "%s\n", string(verifiedAttestation))
 	}
 
 	fmt.Fprintf(os.Stderr, "Verifying artifact %s: PASSED\n\n", artifact)

register/register.go

@@ -31,7 +31,7 @@ type SLSAVerifier interface {
 
 	// VerifyGithubAttestation verifies provenance for a Github Attestations.
 	VerifyGithubAttestation(ctx context.Context,
-		provenance []byte,
+		attestation []byte,
 		provenanceOpts *options.ProvenanceOpts,
 		builderOpts *options.BuilderOpts,
 	) ([]byte, *utils.TrustedBuilderID, error)

verifiers/internal/gcb/verifier.go

@@ -41,7 +41,7 @@ func (v *GCBVerifier) VerifyArtifact(ctx context.Context,
 
 // VerifyGithubAttestation verifies provenance for a Github Attestations.
 func (v *GCBVerifier) VerifyGithubAttestation(ctx context.Context,
-	provenance []byte,
+	attestation []byte,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
 ) ([]byte, *utils.TrustedBuilderID, error) {

verifiers/internal/gha/verifier.go

@@ -244,11 +244,11 @@ func (v *GHAVerifier) VerifyArtifact(ctx context.Context,
 
 // VerifyGithubAttestation verifies provenance for a Github Attestations.
 func (v *GHAVerifier) VerifyGithubAttestation(ctx context.Context,
-	provenance []byte,
+	attestation []byte,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
 ) ([]byte, *utils.TrustedBuilderID, error) {
-	if !IsSigstoreBundle(provenance) {
+	if !IsSigstoreBundle(attestation) {
 		return nil, nil, errors.New("github attestations must be signed by Sigstore")
 	}
 
@@ -258,7 +258,7 @@ func (v *GHAVerifier) VerifyGithubAttestation(ctx context.Context,
 	}
 
 	/* Verify signature on the intoto attestation. */
-	signedAtt, err := VerifyProvenanceBundle(ctx, provenance, trustedRoot)
+	signedAtt, err := VerifyProvenanceBundle(ctx, attestation, trustedRoot)
 	if err != nil {
 		return nil, nil, err
 	}